Vulnerabilities > Adobe > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2022-05-02 | CVE-2021-42528 | NULL Pointer Dereference vulnerability in Adobe XMP Toolkit Software Development Kit 2020.1/2021.07 | XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. | network | | adobe CWE-476 | 7.1 |
| 2022-01-13 | CVE-2021-40722 | XXE vulnerability in Adobe Experience Manager | AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE. | network | low complexity | adobe CWE-611 | 7.5 |
| 2021-10-21 | CVE-2021-40719 | Deserialization of Untrusted Data vulnerability in Adobe Connect | Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. | network | low complexity | adobe CWE-502 | 7.5 |
| 2021-09-08 | CVE-2021-28571 | OS Command Injection vulnerability in Adobe After Effects | Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained with a development and debugging tool for JavaScript scripts. | network | high complexity | adobe CWE-78 | 7.6 |
| 2021-09-01 | CVE-2021-36020 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. | network | low complexity | adobe CWE-91 | 7.5 |
| 2021-08-20 | CVE-2021-28634 | OS Command Injection vulnerability in Adobe Acrobat DC | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command. | network | | adobe CWE-78 | 8.5 |
| 2021-08-20 | CVE-2021-28636 | Uncontrolled Search Path Element vulnerability in Adobe Acrobat DC | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an Uncontrolled Search Path Element vulnerability. | network | | adobe CWE-427 | 8.5 |
| 2021-08-20 | CVE-2021-28637 | Out-of-bounds Read vulnerability in Adobe Acrobat DC | Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by an out-of-bounds read vulnerability. | network | | adobe CWE-125 | 8.8 |
| 2021-05-27 | CVE-2020-10145 | Incorrect Authorization vulnerability in Adobe ColdFusion 2016/2018/2021 | The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default installation directory, such as C:\ColdFusion2021\. | local | low complexity | adobe CWE-863 | 7.2 |
| 2020-10-21 | CVE-2020-24425 | Uncontrolled Search Path Element vulnerability in Adobe Dreamweaver | Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. | local | low complexity | adobe CWE-427 | 7.2 |